The Hacker Recipes
GitHubTwitterKo-fi (one-time support)Patreon (monthly support)
Search…
Introduction
Active Directory
Reconnaissance
Movement
Credentials
MITM and coerced auths
NTLM
Kerberos
Pre-auth bruteforce
Pass the key
Overpass the hash
Pass the ticket
Pass the cache
Forged tickets
ASREQroast
ASREProast
Kerberoast
Delegations
Shadow Credentials
UnPAC the hash
Pass the Certificate
Access controls
Group policies
Built-in groups
Domain settings
🛠️ Trusts
Netlogon
Certificate Services (AD-CS)
Exchange services
Print Spooler Service
Persistence
Web services
Reconnaissance
Configuration
Accounts and sessions
User inputs
Systems & services
Reconnaissance
Movement
Privilege escalation
Pivoting
🛠️ Physical
Locks
Networking
Machines
Super secret zones
🛠️ Intelligence gathering
CYBINT
OSINT
GEOINT
🛠️ RADIO
RFID
Bluetooth
Wi-Fi
Wireless keyboard/mouse
🛠️ binary exploitation
Use-after-free
Buffer overflow
🛠️ mobile apps
Android
iOS
Powered By GitBook
Overpass the hash
This technique is a form of pass the key.
Kerberos offers 4 different key types: DES, RC4, AES-128 and AES-256.
When attackers know the RC4 key (which is in fact the user's NT hash), and when the RC4 etype is not disabled, they can use it to obtain Kerberos tickets.
Previous
Pass the key
Next
Pass the ticket
Last modified 1mo ago
Copy link